The race to keep massive AI workloads powered around the clock has led Meta to sign a capacity reservation agreement with Overview Energy, a startup developing spacecraft that collect solar energy in space and convert it to near-infrared light beamed at large terrestrial solar farms. The deal — for up to 1 gigawatt of capacity — is a notable early
Category: Data Breach
Data Breach, data breach alert, data leak, data leakage, security incident, breach investigation, breach response, credential leak, personal data exposure, data theft, leaked database, exposed records, account compromise, password leak, corporate data breach, remote code execution, cyber espionage
Microsoft Outlook.com Hits Service Degradation: What Happened and How to Prepare
On April 27, 2026, Microsoft acknowledged a service degradation affecting Outlook.com after users across multiple regions reported problems accessing their inboxes. The company’s Microsoft 365 Status account on X confirmed intermittent issues, and Microsoft’s service health dashboard classified the incident as a “Service Degradation” rather than a full outage. For many organizations and individual users, the disruption meant delayed email
Hackers Leverage Microsoft Teams to Breach Organizations: Inside UNC6692’s SNOW Campaign
In late 2025 and into early 2026, a sophisticated intrusion campaign used the everyday familiarity of Microsoft Teams to turn routine collaboration into a direct route for enterprise compromise. By posing as IT helpdesk staff and exploiting users’ trust in external Teams invitations, the threat group tracked as UNC6692 moved from a simple chat message to full domain-level access—without exploiting
Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions
Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Mustang Panda Turns Its Gaze on Indian Banks: Espionage Dressed as Help Desk Support
China’s Mustang Panda APT — also tracked as TA416, Bronze President, or Stately Taurus — is best known for adaptable tradecraft and a steady focus on geopolitical intelligence collection. In its most recent campaign, researchers tied to Acronis observed the group shifting some of that attention toward India’s financial sector. The attacks are notable less for technical sophistication than for
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat
A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically